If you manage your company’s website, you’ve likely heard about HTTPS and SSL certificates. If you don’t have an SSL certificate yet, or if you’re just wondering what all the fuss is about, this article is for you.
We have installed and configured a lot of websites to work on HTTPS. Here’s what we have learned.
1. Everyone should get a certificate sooner than later
There are three big reasons to get one. First, security. As information passes to and from your website visitors, it passes through any number of other computers (servers). SSL encrypts the data, so it can only be read by the intended parties. If you’re sending credit card numbers through your website, this encryption is a must—but it’s smart to enact for any potentially sensitive information (like email addresses).
Second, you should get a certificate to establish trust and credibility. Web browsers show a “secure” message next to your site URL when your site is coming through over HTTPS. Some (including Google Chrome) will show a sort-of-scary “Not secure” message without HTTPS.
The third reason to get an SSL certificate is the potential SEO boost. Since SSL is an indicator of credibility and security, Google (the search engine we care most about) may prioritize websites that use it. They tend to be cryptic about how their search algorithms work, but they have indicated it is a “ranking signal.”
2. You might not have to pay for a certificate
The cost of an SSL certificate depends on the type you need, and who you buy it from. Without going into too much detail, know that you can get a basic “domain validated” certificate from some companies for free. (Let’s Encrypt is our go-to source for free DV certificates). If your web host offers that, it’s a no-brainer!
3. Buying a certificate is easy, configuring it may not be
Web hosts are eager to sell you a certificate. Most are OK about helping you install it, but it’s also fairly easy to botch the installation and configuration—and the result is often downtime or worse, a scary security message. We’ve definitely seen this go wrong.
The browser message when your SSL certificate isn't configured correctly. Not good.
If you feel unsure, it’s a great idea to reach out to a trusted partner to walk you through the process.
A tip: after installing your certificate, ensure you’re forcing all your visitors (via a redirect) to access your site over HTTPS. There are various ways to set this up, depending on your platform. This makes sure you’re taking advantage of the certificate, and is also better for SEO.
Wrapping things up
We hope you learned a few new things—or maybe even found the courage to move your site over to HTTPS! It’s an important step worth diving into. If you need help, just send us a message! We would love to lend a hand.